krakenjs / lusca

Application security for express apps.

How to send post with CSRF token without manually adding a form or whitelisting/blacklisting #126

Closed djaffer closed 5 years ago

djaffer commented 6 years ago

app.post('/hello', test.postHello);

exports.postHello = (req, res, next) => {
  // res.local = req.local no success
  res.send("hello");
};

Yes, I understand that I am doing a POST without a GET. This is because I am writing a wrapper of an API. I am testing through Postman. The documentation seems a little challenging to get. For the GET method everything is working fine, and when I print the res it has the res.locals. If a user wants to do a POST without a GET, then how to make it work? I certainly want to use lusca.

linkRace commented 5 years ago

Generally for an api wrapper like this, you would turn csrf off since there's no authentication pre-call to the post request, so I'd recommend either turning csrf off entirely or using the blacklist.
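The behaviour discussed in this thread, as an added example that is not part of the original comments and is not lusca's code: a dependency-free stand-in for a CSRF middleware, showing why a POST with no prior GET is rejected and how an exact-path blacklist lets `/hello` through. The names `csrfGuard`, `issueToken`, `tokenMatches` and `run`, the `x-csrf-token` header and the `/transfer` and `/form` paths are assumptions for illustration; exempting a path only fits the case the reply describes, where no session authentication sits behind the route.

```javascript
// Added example: stand-in for a CSRF middleware with a path blacklist.
// Not lusca's source; all function names and paths here are hypothetical.
const crypto = require('crypto');

// Token = HMAC over a per-session secret; it exists only after a safe request.
function issueToken(session) {
  session.csrfSecret = session.csrfSecret || crypto.randomBytes(18).toString('hex');
  return crypto.createHmac('sha256', session.csrfSecret).update('csrf').digest('hex');
}

function tokenMatches(session, supplied) {
  if (!session.csrfSecret || typeof supplied !== 'string') return false;
  const expected = Buffer.from(issueToken(session));
  const given = Buffer.from(supplied);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Express-style middleware. Exemptions are exact matches, so exempting
// '/hello' does not silently exempt '/hello/admin'.
function csrfGuard({ blacklist = [] } = {}) {
  const safe = new Set(['GET', 'HEAD', 'OPTIONS']);
  return (req, res, next) => {
    if (blacklist.includes(req.path)) return next();   // exempt route
    if (safe.has(req.method)) {                         // GET issues the token
      res.locals._csrf = issueToken(req.session);
      return next();
    }
    const supplied = req.headers['x-csrf-token'] || (req.body && req.body._csrf);
    if (tokenMatches(req.session, supplied)) return next();
    res.statusCode = 403;                               // POST without a valid token
    next(new Error('CSRF token mismatch'));
  };
}

// Drives the guard with a constructed request object, no server needed.
function run(guard, req) {
  const res = { locals: {}, statusCode: 200 };
  let error = null;
  guard({ headers: {}, session: {}, ...req }, res, (err) => { error = err || null; });
  return { status: res.statusCode, error, token: res.locals._csrf };
}
```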

djaffer commented 5 years ago

thanks